Just days after the Marks & Spencer cyberattack, the Co-operative Group (Co-op) discovered hackers trying to breach its systems . Co-op acted immediately – it pre-emptively shut down parts of its IT network to contain the threat . Thanks to this swift move, Co-op’s stores stayed open and customer-facing services weren’t disrupted, aside from some back-office systems going offline. This proactive response likely prevented a serious breach. For small businesses in Liverpool, Wirral, and North Wales, Co-op’s close call is a powerful reminder that acting fast can make all the difference in cybersecurity.
What Happened at Co-op?
On April 30, 2025, Co-op executives informed staff that they had detected attempts to gain unauthorized access to the company’s systems . In response, Co-op promptly disconnected certain internal systems (essentially “pulling the plug” on parts of its network) as a precaution . This included taking some inventory and remote-work systems offline to stop the hackers in their tracks . A few employees temporarily lost remote access, but importantly, customer services – from grocery stores to home deliveries – continued as usual .
The National Cyber Security Centre (NCSC) worked with Co-op to investigate and to examine links to the M&S incident . Security experts noted that two major retailers facing cyber attacks in the same week was likely no coincidence . In Co-op’s case, the quick defensive measures paid off: the company found no evidence that any customer data was accessed and assured customers they didn’t need to do anything differently . In short, what could have been a catastrophic breach was reduced to a minor inconvenience.
Lessons for Small Business Owners
The Co-op incident highlights several key lessons for businesses of all sizes:
Detect and Act Fast: Speed is everything. Co-op’s IT team spotted unusual activity and reacted immediately. Early detection let them isolate the threat before it spread. Set up security alerts (for example, for strange login attempts or spikes in network activity) and have a plan to respond the moment something looks wrong.
The faster you react to a cyber threat, the less damage it can do.
Don’t Hesitate to Pull the Plug: Co-op wasn’t afraid to “pull the plug” on some systems to protect the rest . It’s better to endure a short outage on a few tools than to risk a full-blown breach. If you suspect a particular computer or software is compromised, don’t hesitate to disconnect it from your network – you can always restore it once things are secure.
Plan for Continuity: Co-op’s proactive shutdown didn’t cripple its operations because they had backup ways to work. This is a reminder to plan how your business would run if your primary systems went down. Could you still process sales or access important information? Keeping offline backups of critical data and having manual workarounds (even if they’re slower) can keep you going during a cyber emergency.
Have a Response Plan: Co-op had clear steps to follow when a threat was detected – and they executed them calmly and effectively. Every small business should have an incident response plan defining who to call (IT support, cybersecurity provider, etc.), how to isolate affected systems, and how to communicate with your team and customers. Practice this plan, too. When an attack happens, there’s no time to scramble; everyone should know their role and act without delay.
Staying One Step Ahead
The biggest takeaway from Co-op’s experience is that proactive defense works. It’s not about panic – it’s about preparation. Start by figuring out what sensitive data and systems your business has, and put strong protections around them (encryption, strong passwords, backups, etc.). Don’t assume it “won’t happen to you” – in fact, 42% of small businesses in the UK suffered a cyber incident in the past year . And those that get hit often struggle to survive: roughly 60% of small companies close within six months of a severe cyberattack .
Investing in security now is far cheaper than dealing with a breach later. Make sure your software is kept up to date with patches, use multi-factor authentication on accounts, and back up your data regularly – these simple steps can thwart many attacks or at least limit the damage. It’s also worth getting a professional cybersecurity assessment to evaluate your defenses.
A local expert – for example, Hilt Digital, a Wirral-based IT support and cybersecurity provider – can identify weak points and help set up proper safeguards.
Finally, when something does seem wrong, don’t wait. As Co-op demonstrated, a decisive response can turn a looming disaster into a manageable event. Cyber threats are a reality of doing business today, but with the right preparation and quick action, you can protect your company and stay one step ahead of the attackers.